Good morning, This is my first post. I have a question, but I actually have access to 20 years worth of PERL scripting that I am trying to wrap my head around. Alot of it may be on its way out though. At any rate, I wonder if anyone has come across this problem where a PERL programmer puts lots of text based usernames and passwords in their PERL scripts, including their own personal username and password. Then they leave the job, and if you disable their account, its going to possibly break alot of things. If you change the administrative accounts used in AD, it breaks the scripts. How do you deal with this sort of issue? Is there a way to search through all their scripts to find instances of usernames and passwords which you can change for example? thanks, Al

At any rate, I wonder if anyone has come across this problem where a PERL programmer puts lots of text based usernames and passwords in their PERL scripts, including their own personal username and password.

This problem has nothing to do with Perl itself and could be found with many other programming languages. This is poor practice, although the main guilt might not be on the programmer who wrote these things. Many systems don't offer real alternatives (storing user names and passwords in a separate file may seem cleaner, but it is just as bad a security loophole).

Hi, Yes you are correct, putting plain text usernames and passwords into scripts is not a PERL issue per se. The old programmer left, and now HR wants us to disable his account. But I'm fairly sure he uses this account to programmatically access computers. I'm not that worried if it was a good choice, just trying to make sure I can find any instances of plaintext usernames and passwords to make sure we don't break anything if we disable the account. I've seen this sort of thing before in other scripting and programming languages. I remember the head programmer at my last job was really resistant to removing the admin username and accounts in years of scripts so it could be a big complicated job. I'm not sure.

It should be fairly easy to write a perl program to automate what you are doing with Notepad. It would be a "throw away" script. (i.e. It only has to run once.) You do not have to be concerned about its being fast or easy to maintain. It would not even have to be thoroughly debugged because a small number of false positives could be tolerated. Of course, you would still have to figure out how to solve each problem that this identifies. At least this much can be done without disrupting your service.

Disabling the account is a good idea, but it will probably cause problems which you have not anticipated. Most of those will be due to poor practice. (Not just by the employee who has left.) Be sure to plan time to fix these as they arise. Good Luck, Bill